CVE-2010-4631

2010-12-3020:00:00

mitre

www.cve.org

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.

References

advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html

marc.info/?l=full-disclosure&m=128913521908405&w=2

packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt

secunia.com/advisories/30176

www.exploit-db.com/exploits/15448

www.securityfocus.com/bid/44698

exchange.xforce.ibmcloud.com/vulnerabilities/63053